Search results
From GDPRhub
- Overview of GDPR (section Article 7 CFR)of such processing (see Article 5(1)(b) GDPR), the requirement to have a legitimate basis laid down by law (see Article 6(1) GDPR), the right to access and48 KB (5,978 words) - 15:57, 1 February 2024
- Article 20 GDPR (category GDPR Articles)consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and (b) the processing is40 KB (5,349 words) - 07:05, 1 June 2023
- Recitals GDPR (section Recitals from the GDPR)Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an opinion on 7 March 2012 (17). Recital 173: This Regulation182 KB (24,065 words) - 13:40, 9 July 2021
- DSB (Austria) - 2021-0.586.257 (category Article 4(7) GDPR)website controller qualifies as controller (Article 4(7) GDPR) and Google LLC as processor (Article 4(8) GDPR) for data processing in connection with Google108 KB (17,097 words) - 13:52, 12 May 2023
- one of the 'other administrative or non-judicial' remedies, which Article 78(2) GDPR refers to. If the DPA decides to uphold their decision, they will10 KB (1,078 words) - 06:40, 26 March 2023
- LG Köln - 33 O 376/22 (category Article 45 GDPR)protection within the meaning of Article 45 of the GDPR and without appropriate safeguards within the meaning of Article 46 of the GDPR. Furthermore, the plaintiff66 KB (9,990 words) - 12:30, 29 January 2024
- IMY (Sweden) - DI-2020-11373 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data113 KB (12,773 words) - 15:20, 6 December 2023
- APD/GBA (Belgium) - 81/2020 (category Article 5(1)(c) GDPR)(Articles 12 and 14 of the GDPR) - a breach of her right of access (article 15 of the GDPR) - a breach of Article 28 of the GDPR with regard to the quality127 KB (21,484 words) - 17:01, 12 December 2023
- CNIL (France) - SAN-2019-005 (category Article 5(1)(e) GDPR)data, as provided for in Article 5 of the Regulation, is characterized. III. on sanctions and publicity 53. Article 45-III 7° of the law of January 6,41 KB (6,558 words) - 17:09, 6 December 2023
- AEPD (Spain) - E/10529/2021 (category Article 45 GDPR)that the controller had not violated Article 45 GDPR nor any of the subsequent Articles from Chapter V of the GDPR. The AEPD took into account that the44 KB (6,642 words) - 10:34, 13 December 2023
- HDPA (Greece) - 20/2020 (category Article 45 GDPR)explanatory statement of the law, Article 10 defines the Authority’s competence in compliance with Article 55 GDPR.Article 55 GDPR provides for a restriction29 KB (4,578 words) - 15:35, 6 December 2023
- IMY (Sweden) - DI-2020-11397 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data121 KB (13,722 words) - 15:16, 5 July 2023
- IMY (Sweden) - DI-2020-11368 (category Article 44 GDPR)not be based on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data115 KB (12,842 words) - 08:38, 5 July 2023
- IMY (Sweden) - DI-2020-11370 (category Article 44 GDPR)be established on Article 45. Article 46.1 provides, among other things, that in the absence of a decision in accordance with Article 45.3 a personal data131 KB (14,752 words) - 08:36, 5 July 2023
- BVwG - W245 2252208-1/36E and W245 2252221-1/30E (category Article 44 GDPR)data according to Art. 45 GDPR does not exist. Since there is no adequacy decision according to Art. 45 Para. 3 GDPR, Art. 46 GDPR further admissibility158 KB (26,392 words) - 08:25, 7 June 2023
- Datatilsynet (Denmark) - 2020-431-0061 (Helsingor decision no. 2) (category Article 5(1)(a) GDPR)pursuant to Article 5(2) GDPR in conjunction with Article 5(1)(a) GDPR. Failure to demonstrate that processing is performed in accordance with the GDPR The DPA75 KB (11,733 words) - 16:33, 21 August 2022
- 2018-1125 of 12 December 2018. The age of consent is 15 years following Article 45 of the Law "Informatique et Libertés". The interplay between the right10 KB (1,108 words) - 09:37, 29 September 2021
- CJEU - C-77/21 - Digi (category Article 5(1)(b) GDPR)compliant with Articles 5 and 6 GDPR. According to Article 6 GDPR, when a controller did not rely on consent (Article 6(1)(a) GDPR), its processing should be49 KB (7,800 words) - 09:22, 5 January 2024
- OLG Koln - 15 U 45/23 (category Article 16 GDPR)database. The request for erasure under Article 17(1) GDPR is not applicable, because under Article 17(3)(e) GDPR, the processing was necessary for the defence26 KB (4,187 words) - 14:46, 8 May 2024
- CNIL (France) - Google Analytics (no case number) (category Article 4(7) GDPR)be personal data per Article 4 GDPR. The CNIL then assessed whether the transfers of the data to the US comply with Article 44 GDPR. It considered whether40 KB (5,904 words) - 16:51, 24 February 2022
- CJEU - C-601/20 - SOVIM (category Article 45 GDPR)guaranteed by Article 7 of the Charter and the right to protection of personal data guaranteed by Article 8 of the Charter? Question 3 1. Is Article 5(1)(a)9 KB (1,176 words) - 13:29, 5 January 2024
- entitled to erasure under Article 17(1)(d) GDPR, as the data processing was not lawful. In any case, the requirements of Article 6 GDPR were no longer met 651 KB (8,215 words) - 09:55, 13 May 2022
- CNPD (Portugal) - Deliberação 2021/533 (category Article 9 GDPR)April 2016 (General Data Protection Regulation - GDPR), in conjunction with Article 3, Article 4(2) and Article 6(1)(b), all of which are applicable to the30 KB (4,708 words) - 16:56, 6 December 2023
- Council of State - 251.378 (category Article 45 GDPR)ruling and the GDPR; breach of Article 28 GDPR (the choice of a the processor does not provide sufficient guarantees); breach of Article 32 GDPR (lack of appropriate40 KB (6,324 words) - 15:34, 1 September 2021
- CNIL (France) - SAN-2019-001 (category Article 7 GDPR)comprehensible character, within the meaning of Article 12 of the GDPR, of the information provided for in Article 13 of the Regulation must be assessed. The90 KB (14,556 words) - 17:08, 6 December 2023
- DSB (Austria) - D124.1177/0006-DSB/2019 (category Article 5(1)(e) GDPR) (section Article 17(1)(d) GDPR)5(1)(b) and (e), 9(2)(j), 89(1) GDPR and Section 7(1)(1) and (2)(1) GDPR. In particular, it follows from Article 9(2)(j) GDPR that the processing of data relating31 KB (4,648 words) - 13:56, 12 May 2023
- BVwG - W258 2227269-1/14E (category Article 4(7) GDPR)violating Article 5(1) GDPR Article 6 (1) GDPR Article 6(4) GDPR Article 9 GDPR Article 14 GDPR Article 30 GDPR Article 35 GDPR and Article 36 GDPR. The fine47 KB (7,345 words) - 09:41, 10 September 2021
- [The equivalent GDPR Article to Article 48(3)(a) EU GDPR is Article 46(3)(a) GDPR, and Article 50(1)(d) EU GDPR is Article 49(1)(d) GDPR.] Share blogs or73 KB (9,347 words) - 13:28, 26 July 2023
- VGH Baden-Württemberg - 1 S 397/19 (category Article 5(1)(d) GDPR)force: "According to Article 16 sentence 1 GDPR, every data subject has the right to request the controller (see Article 4(7) GDPR) to correct incorrect112 KB (19,310 words) - 08:08, 23 June 2022
- Tietosuojavaltuutetun toimisto (Finland) - TSV/26/2020 (category Article 5(1)(e) GDPR)violated Article 5(1)(e) GDPR and Article 25(2) GDPR. As a result, the DPA issued a reprimand to the controller in accordance with Article 58(2)(b) GDPR. Pursuant77 KB (12,352 words) - 07:20, 23 April 2024
- AEPD (Spain) - PS/00240/2019 (category Article 5(1)(b) GDPR)Therefore, given that Article 6(1), Article 5(1)(a), Article 5(1)(d), Article 5(1)(c), and Article 14 GDPR were infringed in connection to Article 5(1)(b), the602 KB (102,229 words) - 14:21, 13 December 2023
- AEPD (Spain) - PS/00050/2020 (category Article 5(1)(a) GDPR)restaurant owner lawful in line of Article 5(1)(a) GDPR? The Spanish DPA concluded that there has been a breach of Article 5(1)(a) GDPR because the uploading of31 KB (5,083 words) - 13:51, 13 December 2023
- AEPD (Spain) - PS/00024/2019 (category Article 5(1)(f) GDPR)the principle of confidentiality, namely Article 5(1)(f) GDPR, and thus, it did not comply with Article 5(2) GDPR referred as the principle of "proactive53 KB (8,593 words) - 13:47, 13 December 2023
- APD/GBA (Belgium) - 37/2020 (category Article 17 GDPR)conjunction with Article 56(5), read in conjunction with Article 56(6), read in conjunction with Article 56(7), read in conjunction with Article 56(8). in conjunction131 KB (22,429 words) - 16:57, 12 December 2023
- EDPB - Binding Decision 2/2022 - 'Instagram' (category Article 5(1)(c) GDPR)the performance of a contract (Article 6(1)(b) GDPR) and for legitimate interest (Article 6(1)(f) GDPR). Article 6(1)(b) GDPR In its original draft decision276 KB (38,206 words) - 09:46, 20 January 2023
- VK Baden-Württemberg - 1 VK 23/22 (category Article 44 GDPR)within the meaning of Article 4 no. 2 of the GDPR and the term "transfer" within the meaning of Article 44 et seq. of the GDPR. GDPR had to be differentiated62 KB (10,113 words) - 12:48, 17 August 2022
- Norges Høyesterett - 2021-2403-A (category Article 7 GDPR)other two conditions of Article 6 (1) (f) of the GDPR are not met. (26) The second condition of Article 6 (1) (f) of the GDPR is that the processing of46 KB (7,024 words) - 06:18, 6 March 2022
- AEPD (Spain) - PS/00257/2020 (category Article 37 GDPR)for more than two years after the entry into force of the GDPR. This breached Article 37 GDPR. Ayuntamiento de Arroyomolinos was found lacking a Data Protection18 KB (2,737 words) - 14:23, 13 December 2023
- OVG Sachsen-Anhalt - 1 M 49/23 (category Article 53(1) GDPR)this regulation in accordance with Article 57 (1) (a) GDPR and which has the powers in accordance with Article 58 GDPR. For this reason alone, there was14 KB (1,999 words) - 14:20, 18 July 2023
- BVerfG - 1 BvR 276/17 (category Article 17 GDPR)violation of the general right of personality under Article 1.1, Article 2.1 of the Basic Law (Article 7, Article 8 of the Basic Law) was to be taken into account127 KB (21,367 words) - 16:00, 22 March 2022
- CE - N° 433311 (category Article 5(1)(e) GDPR)company for faulty website security (article 32 GDPR) and violation of the storage limitation principle (article 5(1)(e) GDPR). After a complaint in 2018, the18 KB (2,677 words) - 09:50, 10 September 2021
- AEPD (Spain) - TD/00071/2020 (category Article 17 GDPR)6www.aepd.es28001 - Madridsedeagpd.gob.es Page 4 4/7with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and this is notbased on19 KB (2,948 words) - 14:50, 13 December 2023
- GHSHE (Netherlands) - 200.270.589 01 and 200.270.589 02 (category Article 6(1)(c) GDPR)subject’ (recital 45 of the preamble to the GDPR). (P. 85) (…) The basis of processing data, referred to in Article 6(1)(c) of the GDPR, is the processing91 KB (15,371 words) - 15:11, 5 October 2021
- Datatilsynet (Denmark) - 2018-32-0357 (category Article 4(11) GDPR)like this: 123.45.67.89 - 25/Mar/2003 10:15:32 - http://www.google.com/search?q=cars - Firefox 1.0.7; Windows NT 5.1 - 740674ce2123e969 123.45.67.89 is the65 KB (9,767 words) - 16:22, 6 December 2023
- CNIL (France) - SAN-2020-014 (category Article 9 GDPR)obligation of Article 32 GDPR? - Does the fact that this health data is not encrypted constitute a breach of the security obligation under Article 32 GDPR? - Does26 KB (4,050 words) - 17:10, 6 December 2023
- Datatilsynet (Norway) - 20/01949 (category Article 5 GDPR)transparency, cf. Article 5(1)(a), and accuracy, cf. Article (5)(1)(d), they hadn't recorded the processing activity as required in Article 30, hadn't conducted49 KB (7,572 words) - 16:14, 6 December 2023
- CJEU - T‑200/21 JS v European Data Protection Supervisor (EDPS) (category Article 17 GDPR)right to erasure (“right to be forgotten”) of Article 17 GDPR and Article 19 of Regulation 2018/1725. Under GDPR, such prolonged and unrestricted data retention61 KB (9,971 words) - 14:28, 4 January 2024
- CNIL (France) - SAN-2020-012 (category Article 4(7) GDPR)the fine, the criteria specified in the same article 83. 111. Article 83 of the GDPR, as referred to in Article 20, paragraph III, of the Data Protection93 KB (14,936 words) - 17:09, 6 December 2023
- HDPA (Greece) - 7/2023 (category Article 15 GDPR)(definition) Article 4.5 : Pseudonymization (definition) Article 4.6 : Filing system (definition) Article 4.7 : Controller (definition) Article 4.8 : Processor9 KB (1,251 words) - 12:15, 8 May 2023
- AEPD (Spain) - PS/00001/2021 (category Article 5(1)(f) GDPR)enshrined in Article 25 GDPR. Additionally, the AEPD concluded that the controller had violated Article 5(1)(f) GDPR, noting that although the GDPR does not270 KB (43,335 words) - 12:39, 13 December 2023
- BVerfG - 1 BvR 16/13 (category Article 17 GDPR)not completely determined by it. This already follows from Article 1.3, Article 20.3 and Article 93.1 No. 4a of the Basic Law. According to these, the commitment133 KB (21,944 words) - 15:59, 22 March 2022
- EDPB - Binding Decision 3/2022 - 'Meta (Facebook)' (category Article 7 GDPR)administrative fine for the infringement of Article 6(1) or Article 6(1)(b) GDPR meet the requirements of Article 4(24) GDPR. 504. The EDPB decides that the relevant53 KB (8,413 words) - 14:10, 30 January 2023
- OLG Nürnberg - 8 U 2907/21 (category Article 12(5)(b) GDPR)right to access under Article 15 GDPR because the controller was entitled to reject the request pursuant to Article 12(5)(b) GDPR. The court reasoned that24 KB (3,847 words) - 15:19, 11 September 2022
- APD/GBA (Belgium) - 36/2021 (category Article 83(7) GDPR)approved appeal of Article 5(1)(a), Article 12(1), Article 13(1) and Article 13(2). The appeal for Article 5(1)(c), Article 6(1) and Article 8 GDPR was not approved62 KB (9,417 words) - 16:57, 12 December 2023
- Hoge Raad - 21/00241 (category Article 6(1)(c) GDPR)processed on the basis of Article 6(1)(c) GDPR does not have the rights to erasure and objection contained in Article 17 and Article 21 GDPR respectively. This29 KB (4,605 words) - 17:00, 15 December 2021
- FG München - Auskunftsanspruch nach Art. 15 DSGVO (category Article 15(3) GDPR)the data protection claims from the GDPR is passively legitimate (Art. 15 Para. 1 GDPR). According to Art. 4 No. 7 GDPR, this is the natural or legal person97 KB (16,519 words) - 09:57, 22 February 2023
- APD/GBA (Belgium) - 24/2021 (category Article 7(1) GDPR)especially: 1) Violation of article 4.11 GDPR read in conjunction with article 6.1 a) GDPR as well Articles 7.1 and 7.3 GDPR: the Inspection Service determines110 KB (18,238 words) - 16:56, 12 December 2023
- HDPA (Greece) - 51/2021 (category Article 22 GDPR)Profileing (definition) Article 4.5: Aliasing (definition) Article 4.6: Archiving system (definition) Article 4.7: Processor (definition) Article 4.8: Executor (definition)9 KB (1,168 words) - 15:30, 6 December 2023
- AZOP (Croatia) - Decision 05-07-2021 (category Article 32(1)(b) GDPR)activities further violated Article 32(1)(b) and (d) GDPR. Accordingly, the DPA, in accordance with its powers under Article 58 (2) GDPR, imposed an administrative5 KB (599 words) - 15:38, 30 October 2023
- EDPB - Binding Decision 1/2020 - 'Twitter' (category Article 4(24) GDPR)DE SA’s objection on Article 33(3) GDPR fails to meet the requirements set out in Article 4(24) GDPR Infringement of Article 34 GDPR on the communication183 KB (30,819 words) - 09:50, 20 January 2023
- EDPB - Binding Decision 4/2022 - 'Meta (Instagram)' (category Article 7 GDPR)imposed pursuant toArticle83 GDPR 55. 45. The FR SA notes that reversing the findings concerning the infringements of Article 6(1) GDPR also affects the468 KB (51,340 words) - 14:10, 30 January 2023
- DSB (Austria) - 2022-0.332.606 (category Article 2(2)(c) GDPR)case fell under the household exception found in Article 2(2)(c) GDPR. According to this provision, the GDPR does not apply to the processing of personal data21 KB (3,166 words) - 13:43, 12 May 2023
- CNPD (Luxembourg) - Délibération n° 13FR/2023 (category Article 5(1)(b) GDPR)their employees. The DPA found a violation of Article 5(1)(b) GDPR, Article 5(1)(c) GDPR and Article 13 GDPR. Following a visit to the premises of two public96 KB (13,984 words) - 16:57, 6 December 2023
- OLG Naumburg - 9 U 6/19 (category Article 9(1) GDPR)Court found that customers’ order data is health data and fall within Article 9(1) GDPR. Amazon does not collect health data stricto sensu but it can draw32 KB (5,236 words) - 16:00, 10 March 2022
- BAG - 9 AZR 383/19 (category Article 38(3) GDPR)force of the GDPR, the controller also sent him a separate revocation letter referring to the operational reasons under Article 38(3) GDPR, second sentence40 KB (6,019 words) - 14:13, 28 November 2023
- AEPD (Spain) - PS/00291/2019 (category Article 6(1)(a) GDPR)unlawful processing data from a public registry without a legal basis under Article 6 GDPR. A citizen filled a complaint with the AEPD regarding the unlawful processing33 KB (5,396 words) - 14:26, 13 December 2023
- OLG Dresden - 4 U 1905/21 (category Article 12(5)(b) GDPR)that a controller is allowed to reject a request to access under Article 12(5)(b) GDPR as "excessive" if the request's sole purpose is to verify the validity40 KB (6,325 words) - 16:12, 18 May 2022
- Tietosuojavaltuutetun toimisto (Finland) - 1198/161/2022 (category Article 9(2)(a) GDPR)within the meaning of Article 4(15) GDPR and Article 9(1) GDPR. Processing of sensitive data requires a legal basis under Article 9(2) GDPR. In the present case13 KB (1,847 words) - 15:52, 11 December 2023
- NAIH (Hungary) - NAIH-2020-2546-5 (category Article 5(1)(c) GDPR)out in Article 6 (1) of the GDPR In addition, there is a circumstance within the meaning of Article 9 (2) of the GDPR. (45) Article 9 (2) of the GDPR does72 KB (11,159 words) - 10:09, 17 November 2023
- CNPD (Portugal) - Deliberação 2022/1072 (category Article 28(7) GDPR)conjunction with article 3.º, n.º 2 of article 4.º, and line b) of n.º 1 of article 6.º, all of Law n.º 58/2019, of August 8 (LERGPD). 7. It should also163 KB (27,222 words) - 16:54, 6 December 2023
- APD/GBA (Belgium) - 105/2023 (category Article 5(1)(a) GDPR)therefore an infringement of Article 5 at the time of the facts. 1, a) GDPR, Article 6, Article 12.1 GDPR and Article 14.1 a) GDPR. 90. In addition, a controller102 KB (15,787 words) - 07:39, 6 September 2023
- HDPA (Greece) - 57/2021 (category Article 13 GDPR)2016/679 and article 11toun.3471 / 2006, according to article 58par.2 of the GCP in in combination with article 83 par. 5 of the GCC, and with article 21 par45 KB (7,165 words) - 15:22, 22 February 2022
- BVwG - W211 2222613-2/12E (redirect from BVwG - W211 2222613-2/12E (request for preliminary ruling under Article 267 TFEU)) (category Article 15(3) GDPR)the personal data to be provided pursuant to Article 15(1) GDPR: must Article 15(3) first sentence of the GDPR be interpreted as meaning that, due to the51 KB (8,592 words) - 07:03, 2 November 2021
- AEPD (Spain) - PS/00405/2020 (category Article 6(1)(a) GDPR)complained party, by the alleged infringement of article 6.1.a) of the RGPD, typified in article 83.5 of the GDPR. EIGHTH: The agreement to initiate this sanctioning20 KB (3,047 words) - 14:35, 13 December 2023
- Court of Appeal of Brussels - 2022/AR/556 (category Article 35(7) GDPR)provisions of the GDPR relating to the principles of data protection (article 5 of the GDPR) and the lawfulness of processing (article 6 of the GDPR). An infringement83 KB (13,694 words) - 09:53, 14 December 2023
- AEPD (Spain) - PS/00269/2019 (category Article 5(1)(f) GDPR)infringement of article 5.1.f), in relation to article 6.1, of the RGPD. The infringement of article 5.1.f) of the RGPD is typified in article 83.5.a) of the30 KB (4,761 words) - 14:24, 13 December 2023
- APD/GBA (Belgium) - 55/2021 (category Article 6(1)(e) GDPR)data on the basis of Article 6.1.e GDPR ? - Did the administration sharing confidential data with a third party violates article 25 GDPR ? - Should the administration81 KB (13,211 words) - 16:59, 12 December 2023
- Gerechtshof Amsterdam - 200.251.466/01 (category Article 21 GDPR)request under Article 21 GDPR can be made at any time and several times. It also found that a provisional measure can be granted under Article 21 GDPR if an urgent19 KB (3,021 words) - 15:48, 15 March 2022
- APD/GBA (Belgium) - 31/2020 (category Article 5(1)(c) GDPR)this case under Article 6(1)(a) or 6(1)(c)? If Article 6(1)(a) applies, do the requirements for parental consent under Article 8 GDPR also apply? Did the48 KB (7,926 words) - 16:56, 12 December 2023
- RvS - 201906880/1/A3 (category Article 5 GDPR)on Article 6(1)(c) GDPR. In particular, the appellant argued that pursuant to Article 6(3) GDPR, a public interest task under Article 6(1)(c) GDPR must40 KB (6,464 words) - 09:58, 7 July 2021
- APD/GBA (Belgium) - 12/2019 (category Article 7 GDPR)the ePrivacy Directive and Articles 6(1)(a) and 7 GDPR, in the lights of Article 4(11) and Recital 32 GDPR. Following this report, the GBA issued a decision107 KB (17,697 words) - 16:52, 12 December 2023
- AEPD (Spain) - TD/00262/2019 (category Article 17 GDPR)exercised by a complainant pursuant to Article 17 GDPR and analysed the exercise of the rights under Articles 15-22 GDPR. On 15 February 2019, Mrs A.A.A. (hereinafter17 KB (2,751 words) - 14:51, 13 December 2023
- AEPD (Spain) - PS/00025/2019 (category Article 6(1) GDPR)infringement of article 6.1 of the RGPD, typified in article 83.5 of the RGPD, afine of 75,000 euros (seventy-five thousand euros).SECOND: Under article 58.2.d)88 KB (14,301 words) - 13:48, 13 December 2023
- Hoge Raad - ECLI:NL:PHR:2023:935 (category Article 5(1)(c) GDPR)subject relied on the GDPR to anonymise and redact deeds which were key to the proceedings, on the basis of Article 5(1)(c) GDPR (data minimisation). In103 KB (17,620 words) - 10:13, 29 November 2023
- Persónuvernd - 2020010678 (category Article 5(1) GDPR)violation of the GDPR? The Persónuvernd held that the processing was lawful for several reasons. Regarding the GDPR, it held that Article 6(1)(f) applied26 KB (4,135 words) - 09:59, 6 May 2021
- APD/GBA (Belgium) - 33/2020 (category Article 5 GDPR)by the defendant under Article 6(1) GDPR? Did the controller infringe the data minimisation principle under Article 5(1)(c) GDPR? Did the controller commit39 KB (6,551 words) - 16:56, 12 December 2023
- Court of Appeal of Brussels - 2020/AR/1160 (Second Interim Decision) (category Article 7 GDPR)of Articles 6, 7 and 12 of the GDPR. In the contested decision, the Belgian DPA found the infringement of Article 6, 7, 12, 13 and 24 GDPR sufficiently proven67 KB (10,544 words) - 09:24, 10 September 2021
- AEPD (Spain) - EXP202202000 (category Article 17 GDPR)information correctly published at the time. The DPA noted that under Article 17(3)(b) GDPR, personal data shall not be erased if their processing is necessary20 KB (3,107 words) - 10:49, 13 December 2023
- CNIL (France) - SAN-2020-009 (category Article 5(1)(a) GDPR)and 13 GDPR? Is the information provided to data subjects throughout the subscription process in compliance with the provisions of Article 13 GDPR? Does48 KB (7,404 words) - 17:09, 6 December 2023
- CNPD (Luxembourg) - Délibération n° 20FR/2021 (category Article 38(1) GDPR)analyzes the criteria by Article 83.2 of the GDPR: - As to the nature and seriousness of the violation [article 83.2 a) of the GDPR], with regard to breaches66 KB (9,458 words) - 19:42, 4 September 2021
- NAIH (Hungary) - NAIH-3561-4/2022 (category Article 4(7) GDPR)controller’s status as “data controller” was correct under Article 4(7) GDPR. Article 44 GDPR requires that the transfer of personal data to a third country13 KB (1,677 words) - 09:39, 14 November 2022
- DSB (Austria) - 2021-0.347.702 (category Article 6(1)(f) GDPR)or by a third party. The court used Article 9(2)(f) GDPR to interpret legitimate interests under Article 6(1)(f) GDPR as including the establishment, exercise25 KB (3,875 words) - 10:36, 11 January 2024
- APD/GBA (Belgium) - 17/2020 (category Article 12(3) GDPR)a bank was subject to the GDPR in its capacity as a controller and should have answered access requests under Article 15 GDPR. The complainants are clients52 KB (8,603 words) - 16:55, 12 December 2023
- AEPD (Spain) - EXP202201681 (category Article 13 GDPR)violation of article 5.1.f) of the GDPR (LCEur 2016, 605) , typified in article 83.5.a) of the GDPR, a penalty of warning, of in accordance with article 77 of195 KB (30,495 words) - 12:40, 13 December 2023
- CNIL (France) - SAN-2024-002 (category Article 5(1)(e) GDPR)purpose constituted a breach of Article 5(1)(e) GDPR. Secondly, the CNIL indicated that the controller breached Article 13 GDPR by failing to include the right56 KB (8,757 words) - 14:12, 28 February 2024
- APD/GBA (Belgium) - 45/2023 (category Article 6(1)(a) GDPR)the data subject (Article 6(1)(a) GDPR and Article 9(2)(a) GDPR) or must be part of the performance of a contract (Article 6( 1)(b) GDPR) 2. According to22 KB (2,983 words) - 08:20, 16 May 2023
- Grünanger/Goricnik, Arbeitnehmer-Datenschutz und Mitarbeiterkontrolle2 Kap 7 Rz 7.87 and 7.93). In doing so, the defendant encroached on the plaintiff's privacy24 KB (3,763 words) - 09:49, 14 December 2023
- AKI (Estonia) - 2.1-3/20/347 (category Article 15(1) GDPR)protection of such information. ________________________________________ Page 7 7 (7) Due to the above, because the Public Information Act does not provide an26 KB (4,193 words) - 10:30, 13 December 2023
- APD/GBA (Belgium) - 21/2022 (category Article 5(1)(f) GDPR) (section Accountability (Article 24 GDPR), data protection by design and by default (Article 25 GDPR), integrity and confidentiality (Article 5(1)(f) GDPR), as well as security of processing (Article 32 GDPR))meaning that no violation of Article 5(1)(e) GDPR could be established. Integrity and confidentiality - Article 5(1)(f) GDPR As explained above, the DPA429 KB (58,279 words) - 09:12, 2 November 2022
- AEPD (Spain) - PS/00306/2019 (category Article 5(1)(c) GDPR)6 6/8the power to impose an administrative fine pursuant to article 83 of the GDPR-article 58.2 i) -, or the power to order the controller or data controllerthat22 KB (3,421 words) - 14:27, 13 December 2023